Signature Detail
Short Name |
FTP:USER:ROOT |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
FTP |
Release Date |
2003/12/17 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: "root" Account Login
This signature detects attempts to login to an FTP server using the "root" account. This can indicate an attacker trying to gain root-level access, or it can indicate poor security practices. FTP typically uses plain-text passwords, and using the root account to FTP could expose sensitive data over the network.
Extended Description
A log on attempt to the FTP server by the root account may indicate an intrusion attempt.
References